ID CVE-2006-4192
Summary Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
References
Vulnerable Configurations
  • cpe:2.3:a:modplug:tracker:1.17.02.43
CVSS
Base: 5.1 (as of 17-08-2006 - 17:46)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description OpenMPT <= 1.17.02.43 Multiple Remote Buffer Overflow Exploit PoC. CVE-2006-4192. DoS exploit for Windows platform
id EDB-ID:2160
last seen 2016-01-31
modified 2006-08-10
published 2006-08-10
reporter Luigi Auriemma
source https://www.exploit-db.com/download/2160/
title OpenMPT <= 1.17.02.43 - Multiple Remote Buffer Overflow Exploit PoC
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-001.NASL
    description Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. Updated packages are patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24618
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24618
    title Mandrake Linux Security Advisory : libmodplug (MDKSA-2007:001)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-04 (ModPlug: Multiple buffer overflows) Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the 'CSoundFile::ReadSample()' function in sndfile.cpp. Impact : A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 23856
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23856
    title GLSA-200612-04 : ModPlug: Multiple buffer overflows
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-521-1.NASL
    description Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28126
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28126
    title Ubuntu 6.06 LTS / 6.10 : libmodplug vulnerability (USN-521-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XMMS-PLUGINS-2101.NASL
    description Specially crafted AMF files could potentially be used to exploit a heap based buffer overflow in libmodplug (CVE-2006-4192).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27491
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27491
    title openSUSE 10 Security Update : xmms-plugins (xmms-plugins-2101)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0477.NASL
    description Updated gstreamer-plugins packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574) All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53642
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53642
    title CentOS 4 : gstreamer-plugins (CESA-2011:0477)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0477.NASL
    description From Red Hat Security Advisory 2011:0477 : Updated gstreamer-plugins packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574) All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68266
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68266
    title Oracle Linux 4 : gstreamer-plugins (ELSA-2011-0477)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0477.NASL
    description Updated gstreamer-plugins packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574) All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 53630
    published 2011-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53630
    title RHEL 4 : gstreamer-plugins (RHSA-2011:0477)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110502_GSTREAMER_PLUGINS_ON_SL4_X.NASL
    description An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574) All applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61030
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61030
    title Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64
redhat via4
advisories
rhsa
id RHSA-2011:0477
rpms
  • gstreamer-plugins-0:0.8.5-1.EL.3
  • gstreamer-plugins-devel-0:0.8.5-1.EL.3
refmap via4
bid 19448
bugtraq 20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8
confirm
gentoo GLSA-200612-04
mandriva MDKSA-2007:001
misc http://aluigi.altervista.org/adv/mptho-adv.txt
secunia
  • 21418
  • 22080
  • 22658
  • 23294
  • 23555
  • 26979
sreason 1397
suse SUSE-SR:2006:023
ubuntu USN-521-1
vupen
  • ADV-2006-3231
  • ADV-2006-4310
xf
  • openmpt-loadit-bo(28305)
  • openmpt-readsample-bo(28309)
Last major update 11-05-2011 - 14:22
Published 16-08-2006 - 21:04
Last modified 17-10-2018 - 17:33